VYPR
← All advisories
High severityNVD Advisory· Published Jul 31, 2024· Updated Aug 2, 2024

CVE-2024-40465

CVE-2024-40465

Description

An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Beego v2.2.0 and earlier have a privilege escalation vulnerability in getCacheFileName in file.go allowing remote attackers to gain unauthorized access.

Vulnerability

Analysis

The vulnerability is an issue in the beego web framework version 2.2.0 and earlier, located in the getCacheFileName function in the client/cache/file.go file [1][2][4]. The root cause is related to insecure handling of cache file names, which can be exploited by a remote attacker to escalate privileges on the affected system [1][2]. The advisory from GitHub Security Advisory (GHSA-6g9p-wv47-4fxq) confirms this as a security hole [1].

Exploitation

A remote attacker can exploit this vulnerability by sending specially crafted requests that trigger the vulnerable function, leading to privilege escalation [2][4]. The attack does not require authentication or local access, making it exploitable from an external network [2]. The affected component is the cache file module, and the attack type is remote [2]. The CWE classification indicates weaknesses related to broken or risky cryptographic algorithm usage (CWE-327) and use of weak hash (CWE-328) [2].

Impact

Successful exploitation allows a remote attacker to escalate their privileges on the server running the vulnerable beego application [1][2][4]. This could lead to unauthorized access to sensitive data, modification of system configurations, or full compromise of the application. The impact is severe as it affects all versions up to 2.2.0 [2].

Mitigation

The vulnerability has been fixed in the beego repository by commit 8f89e12, which addresses multiple security issues including this one [3]. Users are strongly advised to upgrade to a patched version. No workarounds are mentioned in the advisory. The fix includes changes to error message casing and adds an InsecureSkipVerify option for SMTP configuration to improve security [3].

References
  1. Some security holes reported in the attach file
  2. CVE-2024-40465
  3. fix GHSA-6g9p-wv47-4fxq · beego/beego@8f89e12
  4. NVD - CVE-2024-40465

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/beego/beego/v2Go
< 2.2.12.2.1

Affected products

28

Patches

2
8f89e12e6caf

fix GHSA-6g9p-wv47-4fxq

https://github.com/beego/beegoDeng MingApr 25, 2024via ghsa
commit
2 files changed · +19 15
  • core/logs/alils/request.go+2 2 modified
    @@ -13,7 +13,7 @@ func request(project *LogProject, method, uri string, headers map[string]string,
 
 	// The caller should provide 'x-sls-bodyrawsize' header
 	if _, ok := headers["x-sls-bodyrawsize"]; !ok {
-		err = fmt.Errorf("Can't find 'x-sls-bodyrawsize' header")
+		err = fmt.Errorf("can't find 'x-sls-bodyrawsize' header")
 		return
 	}
 
@@ -27,7 +27,7 @@ func request(project *LogProject, method, uri string, headers map[string]string,
 		headers["Content-MD5"] = bodyMD5
 
 		if _, ok := headers["Content-Type"]; !ok {
-			err = fmt.Errorf("Can't find 'Content-Type' header")
+			err = fmt.Errorf("can't find 'Content-Type' header")
 			return
 		}
 	}
  • core/logs/smtp.go+17 13 modified
    @@ -32,29 +32,33 @@ type SMTPWriter struct {
 	FromAddress        string   `json:"fromAddress"`
 	RecipientAddresses []string `json:"sendTos"`
 	Level              int      `json:"level"`
-	formatter          LogFormatter
-	Formatter          string `json:"formatter"`
+	// InsecureSkipVerify default value: true
+	InsecureSkipVerify bool `json:"insecureSkipVerify"`
+
+	formatter LogFormatter
+	Formatter string `json:"formatter"`
 }
 
 // NewSMTPWriter creates the smtp writer.
 func newSMTPWriter() Logger {
-	res := &SMTPWriter{Level: LevelTrace}
+	res := &SMTPWriter{Level: LevelTrace, InsecureSkipVerify: true}
 	res.formatter = res
 	return res
 }
 
 // Init smtp writer with json config.
 // config like:
 //
-//	{
-//		"username":"example@gmail.com",
-//		"password:"password",
-//		"host":"smtp.gmail.com:465",
-//		"subject":"email title",
-//		"fromAddress":"from@example.com",
-//		"sendTos":["email1","email2"],
-//		"level":LevelError
-//	}
+//		{
+//			"username":"example@gmail.com",
+//			"password:"password",
+//			"host":"smtp.gmail.com:465",
+//			"subject":"email title",
+//			"fromAddress":"from@example.com",
+//			"sendTos":["email1","email2"],
+//			"level":LevelError,
+//	     	"insecureSkipVerify": false
+//		}
 func (s *SMTPWriter) Init(config string) error {
 	res := json.Unmarshal([]byte(config), s)
 	if res == nil && len(s.Formatter) > 0 {
@@ -91,7 +95,7 @@ func (s *SMTPWriter) sendMail(hostAddressWithPort string, auth smtp.Auth, fromAd
 
 	host, _, _ := net.SplitHostPort(hostAddressWithPort)
 	tlsConn := &tls.Config{
-		InsecureSkipVerify: true,
+		InsecureSkipVerify: s.InsecureSkipVerify,
 		ServerName:         host,
 	}
 	if err = client.StartTLS(tlsConn); err != nil {
5a366cd62b55

fix: close file in the GrepFile func

https://github.com/beego/beegoguangwuApr 18, 2024via ghsa
commit
1 file changed · +1 0
  • core/utils/file.go+1 0 modified
    @@ -69,6 +69,7 @@ func GrepFile(patten string, filename string) (lines []string, err error) {
 	if err != nil {
 		return
 	}
+	defer fd.Close()
 	lines = make([]string, 0)
 	reader := bufio.NewReader(fd)
 	prefix := ""

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6

News mentions

0

No linked articles in our index yet.